Split-horizon DNS
DNS that returns different answers depending on who's asking. Used to serve internal IPs to corporate users and public IPs to everyone else.
Split-horizon DNS (also called split-brain DNS) means the same hostname returns different IPs to different queriers. Most commonly, internal queries get internal IPs; external queries get public IPs.
example.com (asked from corporate network) → 10.0.5.42 (internal)
example.com (asked from public internet) → 198.51.100.42 (public)
Why companies use it
- Internal services not exposed to the public. internal-tools.acme.com resolves to an RFC1918 IP when you're on the corporate VPN, NXDOMAIN otherwise.
- Different paths for performance. Office workers hit a different load balancer than home users, even for the same product.
- Network policy enforcement. Specific routes are visible only to specific networks.
How it's implemented
- Two DNS zones, two nameservers. Internal resolver serves the "inside" zone; public resolvers serve the "outside" zone.
- One nameserver with views. Older BIND configurations use views to return different answers per source.
- Public DNS provider with response policy. Cloudflare and Route 53 support some forms of split horizon for big customers.
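The view-based approach can be modelled in a few lines. The sketch below is an added example, not code from this page or from any DNS server: it picks a view by the client's source address using first-match ordering (as BIND does for views), and audits the public view for records that leak RFC1918 addresses. The 10.0.0.0/8 ACL, the 10.0.7.10 address and the client IPs are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample views, checked in order; the first ACL match wins.
# The 10.0.0.0/8 ACL and 10.0.7.10 are assumptions, not values from the page.
VIEWS = [
    ("inside", ["10.0.0.0/8"], {
        "example.com": "10.0.5.42",
        "internal-tools.acme.com": "10.0.7.10",
    }),
    ("outside", ["0.0.0.0/0"], {
        "example.com": "198.51.100.42",
        # internal-tools.acme.com is absent here, so outsiders get NXDOMAIN
    }),
]


def select_view(client_ip, views=VIEWS):
    """Return (name, zone) for the first view whose ACL contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl, zone in views:
        if any(addr in ipaddress.ip_network(net) for net in acl):
            return name, zone
    return None, {}


def resolve(client_ip, hostname, views=VIEWS):
    """Answer the way the matching view would; NXDOMAIN if the name is unknown."""
    _, zone = select_view(client_ip, views)
    return zone.get(hostname.lower().rstrip("."), "NXDOMAIN")


def audit_public_view(views=VIEWS, public_view="outside"):
    """List public-view records that point at RFC1918 space (internal leak)."""
    zone = next(z for name, _, z in views if name == public_view)
    return sorted((host, ip) for host, ip in zone.items()
                  if any(ipaddress.ip_address(ip) in net for net in RFC1918))


if __name__ == "__main__":
    for client in ("10.1.2.3", "203.0.113.9"):      # constructed client IPs
        for name in ("example.com", "internal-tools.acme.com"):
            print(client, name, "->", resolve(client, name))
    print("leaks:", audit_public_view())
```

The audit compares against the RFC1918 ranges explicitly because Python's `is_private` also covers documentation ranges such as 198.51.100.0/24, which would flag the public address used in this page's example.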
Why most SaaS products don't need it
For a typical web SaaS, every user is "outside" — there's no internal network with different requirements. Split horizon is mostly an enterprise IT pattern, not a SaaS-side concern.
It does become relevant if you're deploying your SaaS inside a customer's VPC (their internal users use an internal DNS view) or running a hybrid product that has both a SaaS-hosted and a self-hosted flavor.